INTER-CONFIDENTIALITY PROTECTION OF AGENT COMMUNICATION IN MULTI-AGENT SYSTEM BASED APPLICATIONS

Authors

  • Olumide Simeon Ogunnusi Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, 81310, UTM Johor Bahru, Johor, Malaysia
  • Shukor Abd Razak Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, 81310, UTM Johor Bahru, Johor, Malaysia
  • Abdul Hanan Abdullah Department of Computer Science, Faculty of Computing, Universiti Teknologi Malaysia, 81310, UTM Johor Bahru, Johor, Malaysia

DOI:

https://doi.org/10.11113/jt.v77.6319

Keywords:

Agent communication, agent isolation, certificate authentication, type-space, access control model, security domain

Abstract

Mobile agent interaction is usually vulnerable to attacks from within and outside the agent’s execution environment. Also, the mobility property of mobile agents earns them the opportunity to migrate from one security domain to another. Intranet/LAN with connection to internet do, from time to time, experience agent visitation either for malicious purpose or for legitimate mission. To protect legitimate agent communication against attack by visiting agent, we propose a technique that restricts migration of the visiting agent and isolate it to a neutral host where its mission could be achieved. We refer to this technique as restriction-based access control mechanism (ResBAC). The proposed mechanism employs certificate authentication, re-defining visiting agent itinerary path and visiting agent isolation to accomplish the aforementioned objective. The performance of the proposed mechanism is evaluated using scenarios to determine the strength of the mechanism in term of its ability to protect agent communication against the three major threats: man-in-the-middle attack, replay attack, and passive eavesdropping. 

References

Li, N. 2011. Discretionary Access Control. Encyclopedia of Cryptography and Security. 353-356.

Ni, Q., et al. 2010. Privacy-Aware Role-Based Access Control. ACM Transactions on Information and System Security (TISSEC). 13(3): 24.

Gray, E., et al. 2002. Towards a Framework for Assessing Trust-based Admission Control in Collaborative Ad Hoc Applications. Dept. of Computer Science, Trinity College Dublin, Technical Report. 66.

Zhao, Y. L. and C. F. Jiang. 2014. Research of Access Control Models in Personal Networks. In Advanced Materials Research. Trans Tech Publ.

Hur, J. and D. K. Noh. 2011. Attribute-Based Access Control with Efficient Revocation in Data Outsourcing Systems. Parallel and Distributed Systems, IEEE Transactions on. 22(7): 1214-1221.

Hu, V. C., D. R. Kuhn, and D. F. Ferraiolo. 2015. Attribute-Based Access Control. Computer. 2015(2): 85-88.

Sahai, A. and B. Waters. 2005. Fuzzy Identity-Based Encryption. In Advances in Cryptology–EUROCRYPT 2005. Springer. 457-473.

Carrie, E. G. 2007. Access Control Requirements for Web 2.0 Security and Privacy. In Proc. of Workshop on Web 2.0 Security & Privacy (W2SP 2007. Citeseer.

Fong, P. W. 2011. Relationship-Based Access Control: Protection Model and Policy Language. In Proceedings of the first ACM conference on Data and application security and privacy. ACM.

Hammoutene, M., M. Petkovic, and C. V. Conrado. 2013. Role-based Access Control. Google Patents.

Alturi, V. and D. Ferraiolo. 2011. Role-Based Access Control. In Encyclopedia of Cryptography and Security. Springer. 1053-1055.

Joshi, S. 2010. Role-Based Access Control. Google Patents.

Tsai, W.-T. and Q. Shao. 2011. Role-Based Access-Control Using Reference Ontology in Clouds. In Autonomous Decentralized Systems (ISADS), 2011 10th International Symposium on. IEEE.

Chen, L. and J. Crampton. 2012. Risk-Aware Role-Based Access Control. In Security and Trust Management. Springer. 140-156.

Bilaney, R. P. and S. R. Devasahayam. 2014. Claims-Aware Role-Based Access Control. Google Patents.

Yu, D. 2012. Role and Task-Based Access Control Model for Web Service Integration. Journal of Computational Information Systems. 8: 2012(7).

Deng, J.-B. and F. Hong. 2003. Task-Based Access Control Model. Journal of Software. 14(1): 76-82.

Santos-Pereira, C., et al. 2013. A Secure RBAC Mobile Agent Access Control Model for Healthcare Institutions. In Computer-Based Medical Systems (CBMS), 2013 IEEE 26th International Symposium on. IEEE.

FERREIRAabd, A., et al. 2007. Access Control: How Can It Improve Patients’ Healthcare? Medical and Care Compunetics. 4(4): 65.

Eastlake, D. and P. Jones. 2001. US Secure Hash Algorithm 1 (SHA1), RFC 3174, September.

Claessens, J., B. Preneel, and J. Vandewalle. 2003. (How) Can Mobile Agents Do Secure Electronic Transactions on Untrusted Hosts? A Survey of the Security Issues and the Current Solutions. ACM Transactions on Internet Technology (TOIT). 3(1): 28-48.

Downloads

Published

2015-11-17

Issue

Vol. 77 No. 13: Technology-Driven Sustainable Development in Sciences & Engineering Vol. 2

Section

Science and Engineering

License

Copyright of articles that appear in Jurnal Teknologi belongs exclusively to Penerbit Universiti Teknologi Malaysia (Penerbit UTM Press). This copyright covers the rights to reproduce the article, including reprints, electronic reproductions, or any other reproductions of similar nature.

How to Cite

INTER-CONFIDENTIALITY PROTECTION OF AGENT COMMUNICATION IN MULTI-AGENT SYSTEM BASED APPLICATIONS. (2015). Jurnal Teknologi, 77(13). https://doi.org/10.11113/jt.v77.6319